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This listing of claims replaces and supercedes all prior claim listings or presentations. 
Listing of Claims: 




1. (Currently Amended) A method of controlling at a gateway computing device 
access of a client machine to a desired resource hosted on a destination server, tb^'^^ired 
resource being of at least one material type selected from the group includin'j^^dible 
materials, readable materials, and viewable materials, comprising the st^s of: 

(a) at the gateway computing device receiving handgKaking packets from a 
cli e nt machine the client machine intended to begin a s^e^ion with the destination 
server; 

(b) redirecting network communication ^t the gateway computing device , 
including the steps of: 

redirecting the handshakmg packets by rewriting the destination 
address in the handshaking pap^Kets' IP headers to route the packets to an 
access controlling web server that is remote from the client, the gateway, and 
the destination server : 

receiving a content request packet from the client machine at the 
gateway destinecLfor the destination server intended to retrieve the desired 
resource from Jne destination server; and 

at the gateway redirecting the content request packet by rewriting the 
destinatiefn address in the packet IP header to route the packet to the access 
contreflling web server; 

(c) /receiving a response at the gateway from the access controlling web server; 



and 



(d) at the gateway, controlling access of the client machine to the desired 
rei^ource based on the response from the access controlling web serve r, including 
refusing the client machine access to the desired resource if the response from the 
access controlling web server indicates that the client should not have access to the 
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desired resource and granting the client machine access to the desired resource if the 
response from the access controlling web server indicates that the clienyshould have 
access to the desired resource. 

2. (Original) The method according to claim 1, wherein the s^ep of controlling access 
to the desired resource based on the response from the access cpntrolling web server further 

^\comprises the step of: 

establishing a connection between the client macWfie and the destination server if the 
response indicates that access to the desired resource is allowable. 

3. (Original) The method according to cfaim 2, wherein the content request packet 
comprises a GET URL packet. 

4. (Original) The method accorcHng to claim 3, wherein the response indicates that 
access to the desired resource is alloyable if the access controlling web server does not 
recognize the URL of the GET URL packet. 



5. (Original) The method according to claim 4, further comprising the step of refusing 
a connection to the destination server, and establishing instead a connection between the 
client machine and the a^ess controlling web server if the response is that the access 
controlling web servei?^cognizes the URL of the GET URL packet. 



6. (Original) The method according to claim 5, wherein the step of establishing a 
connection between the client machine and the destination server comprises: resending the 
handshaking/packets and GET URL packet to the destination server transparently with 
respect to Jrie client machine. 
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7. (Original) The method according to claim 6, further comprising the/step of 
embedding an identity token readable by the access controlling web server in the GET URL 
packet, wherein the identity token uniquely identifies the client machn; 

8. (Original) The method according to claim 6, further oomprising the step of 
determining whether to redirect network communications based on the content of a 

^ handshaking packet. 



9. (Original) The method according to cjaim 8, wherein the step of determining 
whether to redirect network communications comprises deciding to redirect network 
communications if the handshaking packet is a SYN packet directed to port 80 on the 
destination server. 

10. (Original) The method according to claim 3, wherein the response indicates that 
access to the desired resound is allowable if the access controlling web server recognizes the 
URL of the GET URL p^ket. 

1 1 . (Origin^) The method according to claim 10, further comprising the step of 
refusing a conneffction to the destination server, and establishing instead a connection between 
the client madiine and the access controlling web server if the response indicates that the 
access controlling web server does not recognize the URL of the GET URL packet. 

12. (Original) The method according to claim 11, wherein the access controlling web 
se/Ver is an RSACi Web Server. 



13 . (Original) The method according to claim 11, wherein the step of establishing a 
connection between the client machine and the destination server comprises: resending the 
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handshaking packets and GET URL packet to the destination server transparejmy with 
respect to the client machine. / 

14. (Original) The method according to claim 13, further comprising the step of 
embedding an identity token readable by the access controllingfweb server in the GET URL 
packet, wherein the identity token uniquely identifies the client machine. 

15. (Original) The method according to claim 13, further comprising the step of 
determining whether to redirect network comrmmications based on the content of a 
handshaking packet. / 

16. (Original) The method according to claim 15, wherein the step of determining 
whether to redirect network communications comprises deciding to redirect network 
communications if the handshaKing packet is a S YN packet directed to port 80 on the 
destination server. / 

17. (CurrentlvAmended) A computer-readable medium having computer-executable 
instructions for comrolling access at a gateway computer of a client computer to a desired 
resource hosted^n a destination server comprising the steps of: 

/ (a) receiving handshaking packets at the gateway computer from a cli e nt 
mafchin e the client machine intended to begin a session with the destination server; 
/ (b) redirecting network communications at the gateway computer , including 
/ the steps of 

/ redirecting the handshaking packets by rewriting the destination 

address in the handshaking packets' IP headers to route the packets to an 
access controlling web server that is remote from the gateway computer ; 
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receiving a content request packet from the client machine destined 
for the destination server intended to retrieve the desired resource from the 
destination server; and / 

redirecting the content request packet by rewriting the destination 
address in the packet IP header to route the packet to the access controlling 
web server; / 

(c) receiving a response at the gateway compter from the access controlling 
web server; and / 

(d) at the gateway computer, controlling access of the client machine to the 
desired resource based on the response from the ajrcess controlling web server by granting 
access if the response indicates that the client rpmy access the desired resource and denying 
access if the response indicates that the cliejpfi may not access the desired resource . 

18. (Original) The computer-readable medium of claim 17, wherein the step of 
controlling access to the desired resource based on the response from the access controlling 
web server further comprises th^step of: 

establishing a connection between the client machine and the destination server if the 
response indicates that ac^ss to the desired resource is allowable. 

19. (Original) The computer-readable medium of claim 18, wherein the content 
request packet comprises a GET URL packet. 

20. (Original) The computer-readable medium of claim 19, wherein the response 
indicates/that access to the desired resource is allowable if the access controlling web server 
does ri6t recognize the URL of the GET URL packet. 
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21 . (Original) The computer-readable medium of claim 20, further comprising the 
step of refusing a connection to the destination server, and establishing instead a connection 
between the client machine and the access controlling web server if th^esponse is that the 
access controlling web server recognizes the URL of the GET URIifpacket. 
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22. (Original) The computer-readable medium of clmm 19, wherein the step of 
establishing a connection between the client machine aFfd the destination server comprises: 
resending the handshaking packets and GET URL packet to the destination server 
transparently with respect to the client machine. 



23. (Original) The computer-readable medium of claim 22, further comprising the 
step of embedding an identity token readable by the access controlling web server in the 
GET URL packet, wherein the identity token uniquely identifies the client machine. 

24. (Original) The comnater-readable medium of claim 22, further comprising the 
step of determining whether^ redirect network communications based on the content of a 
handshaking packet. 

25. (Original)yfhe computer-readable medium of claim 24, wherein the step of 
determining whether to redirect network communications comprises deciding to redirect 
network commumcations if the handshaking packet is a S YN packet directed to port 80 on 
the destination/server. 



26/(Original) The computer-readable medium of claim 19, wherein the response 
indicates that access to the desired resource is allowable if the access controlling web server 
recognizes the URL of the GET URL packet. 
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27. (Original) The computer-readable medium of claim 26, further cizmprising the 
step of refusing a connection to the destination server, and establishing instead a connection 
between the client machine and the access controlling web server if^e response indicates 
that the access controlling web server does not recognize the URZ^ of the GET URL packet. 

28. (Original) The computer-readable medium of claim 27, wherein the access 
controlling web server is an RSACi Web Server. / 

29. (Original) The computer-readable rn^ium of claim 27, wherein the step of 
establishing a connection between the client /nachine and the destination server comprises: 
resending the handshaking packets and C^T URL packet to the destination server 
transparently with respect to the clientinachine. 

30. (Original) The compujter-readable medium of claim 29, further comprising the 
step of embedding an identitv^ken readable by the access controlling web server in the 
GET URL packet, whereirmie identity token uniquely identifies the client machine. 

3 1 . (Original) /he computer-readable medium of claim 29, further comprising the 
step of determinin^whether to redirect network communications based on the content of a 
handshaking paoKet. 

32. /Original) The computer-readable medium of claim 31, wherein the step of 
determimng whether to redirect network communications comprises deciding to redirect 
network communications if the handshaking packet is a SYN packet directed to port 80 on 
the/destination server. 
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33. (Currently Amended) In a computer network environment comprising a client, a 
hosting server, an access controlling server, and a gateway interpospa between the client and 
both of the hosting server and the access controlling server, a rng^od of controlling access of 
the client to a desired resource hosted on the hosting servenxx)mprising the steps of: 

(a) receiving at the gateway a request from the client for the desired resource and 
redirecting the request to the access controlhrfg server; 

(b) receiving at the gateway a permissioFfnotification from the access controlling 
serve r in response to the redirected i:equest ; and 

(c) controlling choosing to eithep4rant or deny access of the client machine to the 
desired resource based on at l^st one criterion including the content of the 
permission notification revived from the access controlling server. 
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